CVE-2019-5435 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
libcurl before 7.65.0 contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32 bit architectures and require excessive string input lengths.
Group Package Affected Fixed Severity Status Ticket
AVG-963 lib32-curl 7.64.1-1 7.65.0-1 High Fixed
AVG-962 lib32-libcurl-compat 7.64.1-1 7.65.0-1 High Fixed
AVG-961 lib32-libcurl-gnutls 7.64.1-1 7.65.0-1 High Fixed
Date Advisory Group Package Severity Type
31 May 2019 ASA-201905-15 AVG-963 lib32-curl High arbitrary code execution
31 May 2019 ASA-201905-14 AVG-962 lib32-libcurl-compat High arbitrary code execution
31 May 2019 ASA-201905-13 AVG-961 lib32-libcurl-gnutls High arbitrary code execution
References
https://curl.haxx.se/docs/CVE-2019-5435.html
https://github.com/curl/curl/commit/5fc28510a4664f4